Cross-Site Scripting Vulnerability in AndSoft e-TMS Software
CVE-2025-59762

5.1MEDIUM

Key Information:

Vendor

Andsoft

Status
E-tms
Vendor
CVE Published:
2 October 2025

What is CVE-2025-59762?

A cross-site scripting (XSS) vulnerability exists in AndSoft's e-TMS software version 25.03, enabling an attacker to execute malicious JavaScript code in a victim's browser. This can be exploited by sending crafted URLs containing harmful parameters such as 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO', and 'SuppConn' within the '/clt/LOGINFRM_DLG.ASP' endpoint. Users accessing the malicious URL may unknowingly execute scripts that could compromise their personal information or systems.

Affected Version(s)

e-TMS v25.03 version

References

https://www.incibe.es/en/incibe-cert/notices/aviso/update...

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Maximilian Hildebrand (m10x.de)
JSON
.
CVE-2025-59762 : Cross-Site Scripting Vulnerability in AndSoft e-TMS Software